PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[Twiglard]

Couldn't the administration/technical staff just check each user's password if it's easily compromised (there exist lists of top common passwords the internet, or something like it - you can calculate hash from them and compare to the one stored in the user database)

The attacker is likely using leaked (email, password) or (username, password) pairs rather than going by the 1000 most common passwords or anything like that.

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.

 

[racofer]

Is the re-authentication after 30 days really neccessary? Why can't we stay logged in forever like we used to?

Because you have to consider the possibility of a wild russian breaking into your home to steal your computer so that he can delete all of your posts.

 

[GrafvonMoltke]

You wouldn't steal a password Raapys

 

[AwesomeButton]

I spent a week honestly convinced that the forum was in maintenance and the message about 2FA is the usual Dark Underlord trolling meant to induce users to fiddle in their profile settings looking for a 2FA option that doesn't exist.

Very smart, DU, I thought, but you won't catch me with this bait.

What tipped me off was that I kept getting new notifications, which means that other people are accessing the forum. Only then I discovered there actually is a 2FA option and the administration wasn't joking. Ridiculous.

 

[Tacgnol]

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.

It would also help if people used different passwords per site. I thought Codexers, being generally concerned about their privacy, would pay more attention to password hygiene but apparently not.

 

[Twiglard]

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.

It would also help if people used different passwords per site. I thought Codexers, being generally concerned about their privacy, would pay more attention to password hygiene but apparently not.

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

 

[Tacgnol]

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.

It would also help if people used different passwords per site. I thought Codexers, being generally concerned about their privacy, would pay more attention to password hygiene but apparently not.

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

Yep, it's why I'm generally a proponent of password managers.

 

[GrafvonMoltke]

Shilling Bitwarden huh? Next it'll RAID SHADOW LEGENDS or NORD VPN

 

[Jaedar]

Didn't have issue with needing to do 2fa again today... :itisamystery:

 

[Nano]

This was a long time coming, but I'm surprised that apparently even DU didn't use 2FA before this.

Edit: oh, DarkPatriot, not DU.

 

[Semiurge]

Two days of succesful authorisation in a row, I will do things exactly the same for some time and if things go smooth during that time, I'll slowly begin to make some changes to see if the malfunction was caused by some known factor.

 

[Haba]

This was a long time coming, but I'm surprised that apparently even DU didn't use 2FA before this.

Edit: oh, DarkPatriot, not DU.

Well, have you seen DU posting since the MFA requirement?

Clearly he couldn't figure it out yet...

 

[Roguey]

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

I use a unique password for every site I use. I have a password text file so of course if my own PC gets hacked everything gets compromised.

 

[Hobo Elf]

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

I use a unique password for every site I use. I have a password text file so of course if my own PC gets hacked everything gets compromised.

This, except I have a little phyiscal notebook for my passwords. I use a unique pw for everything, which also includes a crapful of work related things as well.

 

[Lady Error]

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

I use a unique password for every site I use. I have a password text file so of course if my own PC gets hacked everything gets compromised.

Encrypt the text file itself with a password.

 

[Spectral Pontifex]

You guys don't use a different password and email for everything?

 

[lukaszek]

Without a password manager, using unique per-site passwords is too difficult. It took quite a few site database leaks in a short time for me to bite the bullet and start using Bitwarden. Before that I had 3-4 passwords, used depending on the importance of given account. Remembering 20 or more passwords that aren't just variants of a single one with a few characters thrown at the end exceeds the capabilities of my brain.

I use a unique password for every site I use. I have a password text file so of course if my own PC gets hacked everything gets compromised.

Encrypt the text file itself with a password.

and then realize you can just use keepass. we did it boyz

 

[GrafvonMoltke]

I just write my passwords on little scraps of paper and I'll just eat them when the FBI come

 

[Tacgnol]

Shilling Bitwarden huh? Next it'll RAID SHADOW LEGENDS or NORD VPN

Bitwarden is pretty decent to be fair.

 

[Lord of Riva]

There's no such addon

https://xenforo.com/community/resources/flood-permissions.6800/
Provides user group permissions for the following post rate limiting options:
Delete - General rate limiting - delay between [deleting] posts in seconds

I don't understand how any of this shit works in the first place so apologies if I'm being a nuisance rather than helpful (j/k I've never been helpful in my life) but this kinda sounds like such addon

Congrats, looks like you found one. But even with deletion instances time limited, someone with a script could still play the long game and delete a lot of posts over a longer period and be even harder to notice. So it wouldn't solve the problem, it'd just extend it over a longer period. My choice would be either limit post deletion to something like 2 hours, or disable it altogether. Any legit need for post deletion could be asked of the mods by using the report post function. Probably half of the deleted posts here are basically people who instead of editing their post, just delete it and make a new one with the same contents.

Yeah, just make it as inconvenient for the users as possible so you can remain lazy. I mean, if you really cared about edge cases you would have thought about a solution when you moved the forum software, can't have that though, would be effort.

Long-story short: You just want this shit, because you think it's easy, solves your issue and it's irrelevant if it's shit for the users, who cares and all.
Daym, at least it's not user generated drama.

 

[Roguey]

Encrypt the text file itself with a password.

Too much effort for my tastes. In my nearly-30 years on the internet, I've never been hacked. There's always a possibility it could happen, but it seems like a low one. I know not to click on suspicious links or emails or fall for fear-scams.

 

[Lord of Riva]

Encrypt the text file itself with a password.

Too much effort for my tastes. In my nearly-30 years on the internet, I've never been hacked. There's always a possibility it could happen, but it seems like a low one. I know not to click on suspicious links or emails or fall for fear-scams.

If some shit-head really, really wants too he will most likely find a hole in your defense anyways. As long as you are somewhat internet literate you are relatively safe, full safety is an illusion anyways.

 

[Taluntain]

Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately? Firefox has even had a function to generate unique strong passwords for individual logins for years now, which takes all the legwork out of it.

 

[lukaszek]

Which browsers in 2023 don't have an integrated pass manager / login saving that you all need to store them separately?

its more about user paranoia.

 

[BrotherFrank]

You can verify your own passwords using a password manager or Google's password manager for leaked or repeated passwords. But if everyone did that, there'd be nothing to talk about.

It would also help if people used different passwords per site. I thought Codexers, being generally concerned about their privacy, would pay more attention to password hygiene but apparently not.

In theory yes, i should have a different password for everything i use, ideally some 12+ letter strong with symbols and caps and everything.

In practice? Maybe i’m just a retard but i struggle memorizing more then a handful of passwords and every time there was some bs forcing me to come up with new ones i end up forgetting it, necessiting me to have to write it down somewhere.
This is especially true for passwords i barely use.

This all ends up creating a far bigger security concern:the risk of misplacing where i store my password hoard, a far more likely scenario for me then getting hacked. Forcing me to come up with an even worst solution which is what i ended up doing with the codex codes: storing them on my email along with a helpful “codex codes” headline because otherwise i will forget down the line which codes access what.

Does this sound secure? Storing all my eggs in one basket like this where if anyone figured out my email they will get access to most of my passwords used for everything? This is why i loathe 2fa so much, it does not help secure my accounts at all, it just busts my balls for 0 gain.

Ooh but just use a password manager! Ok and what if something happens to my device? I’ve had my computer die on me and my hard drive getting wiped, losing every program and file on it. So no i do not trust relying on an external program managing my passwords because if something happens to that program i will be even more fucked then it someone figures out my email password.

It’s great you are able to juggle multiple individual passwords for everything you use, but if i remember the studies on this topic, the overwhelming majority of people are going to be like me unfortunately.

Make 2fa optional , if someone goes around deleting my posts i don’t think it would be that big a loss and i’ve never been one to care about post counts. I‘ll just shrug and make a new account at worst.